NEW BOT Телеграм, страница

Brut Security

⌛RSEScan⌛

📣A command-line utility for interacting with the RSECloud. It allows you to fetch subdomains and IPs from certificates for a given domain or organization. A command-line utility for interacting with the RSECloud. It allows you to fetch subdomains and IPs from certificates for a given domain or organization.📣

🌐

POC VIDEO

🌐

🔗

Download

🔗

Please open Telegram to view this post

VIEW IN TELEGRAM

YouTube

Find Hidden Subdomains & IPs | RSEScan | RSECloud | Bug Bounty Recon | Brut Security

📢RSEScan is a command-line utility for interacting with the RSECloud. It allows you to fetch subdomains and IPs from certificates for a given domain or organization.

🚨 Registration Open for July 1st Batch: Extreme Web Application Penetration Testing 🚨
☎️Registration…

👍3🔥1

2.56K viewsSaumadip Mandal, 20:25

Brut Security

Brut Security pinned «⌛RSEScan⌛ 📣A command-line utility for interacting with the RSECloud. It allows you to fetch subdomains and IPs from certificates for a given domain or organization. A command-line utility for interacting with the RSECloud. It allows you to fetch subdomains…»

20:53

Brut Security

Reconnaissance- Phase1.pdf

1.5 MB

☄️Bug Bounty Reconnaissance-Phase 1☄️

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥1

2.24K viewsSaumadip Mandal, 19:17

Brut Security

☄️Bug-Bounty-Wordlists☄️

📣A repository that includes all the important wordlists used while bug hunting.

🔗Link: https://github.com/YaS5in3/Bug-Bounty-Wordlists

#bugbounty #bugbountytips

Please open Telegram to view this post

VIEW IN TELEGRAM

GitHub

GitHub - YA551N3/Bug-Bounty-Wordlists

Contribute to YA551N3/Bug-Bounty-Wordlists development by creating an account on GitHub.

👍6

2.42K viewsSaumadip Mandal, 19:22

Brut Security

Top Useful Extension For Pentesting and Bug hunting

👍3❤1

2.04K viewsSaumadip Mandal, 14:43

Brut Security

💥Bug Bounty Tip: Don't Overlook Image Endpoints!💥

👉Did you know 95% of hunters remove image files from their endpoint scans? Here's how Orwa found sensitive information by focusing on them:

1. Gather All Target Endpoints: Collect endpoints from your target.

2. Filter for Image Extensions: Use a simple command to isolate image URLs.

cat endpoints.txt | egrep 'jpg|jpeg|png' > results.txt

3. Check for Live URLs: Ensure the filtered image URLs are active.

4. Use a Screenshot Tool: Automate the process of taking screenshots of these URLs to quickly spot sensitive information.

ℹ️ Success Story by GodfatherOrwa:
-He found a passport image at app[.]com/xxxx/cdn/file/xxx.jpg.
- Visiting app[.]com/xxxx/cdn/ revealed an open directory listing.
- The result? Tons of exposed PII!

👌Always check image file endpoints (.jpg, .jpeg, .png, etc.). You might find more than you expect!

Happy hunting, everyone! ♥

Credit: @godfatherorwa

#bugbountytips #bugbountytip #bugbounty

👍5

2.41K viewsSaumadip Mandal, 18:26

Brut Security

Brut Security pinned Deleted message

19:24

Brut Security

Blind SQL Payloads

🔥7👍2

2.09K viewsSaumadip Mandal, 15:13

⚠️CVE-2024-29973: Unauthorized command injection in Zyxel NAS devices⚠️

🔍This command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request.

📌PoC: https://github.com/k3lpi3b4nsh33/CVE-2024-29973

📣Dorks:
🔽Hunter: product.name="ZyXEL NAS542"||http://product.name="ZyXEL NAS326"
🔼FOFA: app="NAS542" || app="ZYXEL-NAS326"
🔽SHODAN: http.noscript:"Zyxel NAS326"

Please open Telegram to view this post

VIEW IN TELEGRAM

🤯6❤1

2.08K viewsSaumadip Mandal, 19:35

Brut Security

0:16

This media is not supported in your browser

VIEW IN TELEGRAM

⚠️Progressive Web App (PWA) Phishing⚠️

📌Attack Scenario: A user lands on index.html and clicks the "Install Microsoft Application" button. The install app prompt appears and once it is installed by the user, the JavaScript embedded in index.html redirects the PWA window to the phishing page that hase a fake URL bar at the top (i.e. mrd0x.html). Ensure that you're testing this over HTTPS to avoid encountering issues.

📣Blog Link: https://mrd0x.com/progressive-web-apps-pwa-phishing

🔗POC: https://github.com/mrd0x/PWA-Phishing

⚠️This is simply to demonstrate how PWA phishing works. Don't use it for illegal purposes.

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥3❤1

2.42K viewsSaumadip Mandal, 20:04

Brut Security

Web Cache Deception & Poisoning.pdf

297.3 KB

🔥2🤯1

2.55K viewsSaumadip Mandal, 20:13

Brut Security

cache posioning writeup by ankit.pdf

1.2 MB

🔥2

2.59K viewsSaumadip Mandal, 20:14

Brut Security

🔼

One-Liner XSS

🔽

subfinder -dL domainlist1.txt | dnsx | shuf | (gau | | hakrawler) | anew | egrep -iv "\.(jpg|jpeg|gif|tif|tiff|png|ttf|woff|woff2|php|ico|pdf|noscript|txt|js)$" | urless | nilo | dalfox pipe -b https://xss.hunter

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥8👏1

2.7K viewsSaumadip Mandal, 20:49

Brut Security

Brut Security pinned «Keep checking my old Posts to continue your learning Process!»

21:01

Brut Security

Methods for Dump LSASS.pdf

33.4 MB

💥Methods for Dump LSASS💥

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥2

2.63K viewsSaumadip Mandal, edited 07:38

Brut Security

☄️KnoXSS XSS Payload - confirm?.(1)
🔍Credit- @lu3ky13

#bugbounty #bugbountytips

Please open Telegram to view this post

VIEW IN TELEGRAM

🫡4🤯2

2.45K viewsSaumadip Mandal, edited 19:56

Brut Security

Recon workflow.pdf

77.4 KB

2.38K viewsSaumadip Mandal, 20:10

Brut Security

👀Top 1% on TryHackMe? That’s Cute👀

🤡I've seen a lot of posts lately celebrating being in the top 1% on TryHackMe, but let's take a step back. While it's great to challenge yourself with these platforms, does ranking highly truly reflect practical, real-world experience?

🙂In the ever-evolving field of cybersecurity, hands-on experience and the ability to adapt to real-world situations are what truly count. Ranking in the top 1% on a practice platform like TryHackMe is commendable, but it shouldn't be confused with actual industry experience.

✉️Thoughts?

Please open Telegram to view this post

VIEW IN TELEGRAM

👍6❤‍🔥5🔥1

2.16K viewsSaumadip Mandal, 10:08

Brut Security

☄️CVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector!

📣An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.

🚫PoC: https://lnkd.in/gK4NHJ4C
⛔️Video POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share

🌐Dorks:
Hunter: web.noscript=="..:: HSC MailInspector ::.."
FOFA: noscript=="..:: HSC MailInspector ::.."

Please open Telegram to view this post

VIEW IN TELEGRAM

YouTube

🚨CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector! #computersecurity #cybersec

🚨CVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector!👉An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2....

🔥4❤‍🔥1👍1

2.23K viewsSaumadip Mandal, edited 19:41

Brut Security

💥 Registration Open for July Batch: Extreme Web Application Penetration Testing 💥

⚠️Slots Remaining 4

💯Registration Link: https://lnkd.in/g7MjfrXG

Join us for an intensive 2-month course designed for beginners with basic IT & cybersecurity knowledge!

🖥 Starts: July Mid, 2024
ℹ️ Schedule: Mon, Wed, Fri | 12:00 PM - 2:00 PM IST
⏸ Mode: Online | Language: English
🔗 Course Module:

https://lnkd.in/gfZbBCFn

Please open Telegram to view this post

VIEW IN TELEGRAM

lnkd.in

This link will take you to a page that’s not on LinkedIn

👍1

2.29K viewsSaumadip Mandal, edited 09:12

Brut Security

ceh-v12-exam-set.pdf

1.6 MB

☄️Sharpen your skills for the Certified Ethical Hacker v12 exam with these practice questions☄️